Malicious users warm to 'fuzzing'

Tools used by software developers to test for faulty design are now being employed by hackers to discover unknown vulnerabilities, a security firm warned today.

Artificial Intelligence (AI) tools are designed to mimic human intelligence by trying to force abnormal responses in applications to determine if bugs are present.

But this methodology, known as "fuzzing," is also being widely used by hackers, who are sharing their findings with the underground malicious community in instant relay chat rooms "to rapidly develop new threats," according to a news release from Secure Computing that was released today.

Company officials said in the statement that as more and more exploits emerge, vendors will have difficulty pushing out timely fixes.

"Fuzzing will clearly accelerate the ability for hackers to discover new vulnerabilities in software applications," said Paul Henry, vice president of strategic accounts for Secure Computing. "Software vendors were already struggling to keep up with patches for software bugs. The use of fuzzing tools by hackers and the flood of newly discovered vulnerabilities may overwhelm software vendors' ability to respond with patches."